Your personal data is collected by almost every site or app you visit. The world is more data hungry than ever because it’s now the most important asset, even more valuable than oil. Your shopping history is logged, your search history is captured and your phone number, email address and IDs are all stored. 

But that doesn’t mean all this data is safe. If you’ve ever received a spam call, phishing email or a fake support call, your personal data is out there.

And if you want proof of how poorly your data is treated, a newly uncovered database offers a stark reminder. More than 16 billion login credentials, collected from years of past data breaches, have been compiled into one of the largest aggregated archives of cybersecurity incidents ever seen, according to a report.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join.

10 SIGNS YOUR PERSONAL DATA IS BEING SOLD ONLINE

What you need to know about the 16 billion password data breach affecting Google, Apple and Facebook

Cybernews describes the exposed database as a “blueprint for mass exploitation.” The records include login credentials from popular platforms like Google, Facebook and Apple.

Security researchers emphasize that this isn’t the result of a new, single breach. Instead, it’s a massive collection of previously stolen credentials from various past leaks, phishing scams and third-party data exposures, some of which were forgotten, underreported or reshared.

BleepingComputer, a cybersecurity site that reviewed the archive, confirmed the data appears to be aggregated from older breaches rather than a fresh incident. This makes the scope of the exposure particularly dangerous because attackers can use this central trove for targeted attacks, including credential stuffing.

Credential stuffing becomes much easier when attackers have access to such a vast pool of usernames and passwords. This technique involves using stolen login details across multiple sites, exploiting the fact that many users reuse the same credentials. So, even if your account wasn’t part of a recent breach, you could still be at risk if your old credentials are part of this newly indexed compilation.

DOUBLECLICKJACKING HACK TURNS DOUBLE-CLICKS INTO ACCOUNT TAKEOVERS

How Google and Meta are responding to the massive password leak

We reached out to Apple, Google and Meta for comment.

A Google spokesperson stated that this issue did not stem from a Google data breach and that Google continues to strongly encourage users to adopt more secure, passwordless authentication methods, such as passkey. They also suggest using tools like Google Password Manager, which securely stores your passwords and notifies you when they’ve been involved in a breach, allowing you to take immediate action.

A rep from Meta said, “We don’t have a statement to share at this time as we’re still looking into this,” but did offer some tips to secure your account, a security check-up tool, and the introduction of passkeys on Facebook.

We did not hear back from Apple before our deadline.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

MALWARE EXPOSES 3.9 BILLION PASSWORDS IN HUGE CYBERSECURITY THREAT

5 essential ways you can protect yourself after the Apple, Google Data breach

With credential leaks becoming a growing threat, protecting your data requires a mix of smart security habits and reliable tools. Here are five effective ways to keep your information safe.

1. Use a password manager: Infostealer malware often targets passwords saved directly in web browsers, making them easy targets. Instead of relying on your browser to store credentials, use a dedicated password manager that offers zero-knowledge architecture and military-grade encryption to keep your data safe. The best options work across all your devices and browsers, offer secure sharing, monitor for data breaches, and even generate health reports on your passwords. Get more details about my best expert-reviewed Password Managers of 2025 here.

2. Enable two-factor authentication (2FA): Even if your credentials are stolen, 2FA adds an extra layer of security by requiring a second form of verification, such as a code from an authentication app or biometric confirmation. Cybercriminals rely on stolen usernames and passwords to break into accounts, but with 2FA enabled, they cannot gain access without the additional security step. Make sure to enable 2FA on important accounts like email, banking, and work-related logins.

3. Use strong antivirus software and be cautious with downloads and links: Infostealer malware often spreads through malicious downloads, phishing emails, and fake websites. Avoid downloading software or files from untrusted sources, and always double-check links before clicking them. Attackers disguise malware as legitimate software, game cheats, or cracked applications, so it is best to stick to official websites and app stores for downloads.

The best way to safeguard yourself from malicious links is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

4. Keep software updated:  Cybercriminals exploit outdated software to deliver malware. Keeping your operating system, browsers, and security software up to date ensures that known vulnerabilities are patched. Enable automatic updates whenever possible, and install reputable antivirus or endpoint protection software that can detect and block infostealer threats before they compromise your system.

5. Consider a personal data removal service: The massive leak of 16 billion credentials shows just how far your personal information can spread and how easily it can resurface years later in aggregated hacker databases. Even if your passwords were part of an old breach, data like your name, email, phone number, or address may still be available through data broker sites. Personal data removal services can help reduce your exposure by scrubbing this information from hundreds of these sites. While no service can guarantee total removal, they drastically reduce your digital footprint, making it harder for scammers to cross-reference leaked credentials with public data to impersonate or target you. These services monitor and automatically remove your personal info over time, which gives me peace of mind in today’s threat landscape. Check out my top picks for data removal services here. 

Get a free scan to find out if your personal information is already out on the web

CHAOS RANSOMWARE HITS OPTIMA TAX RELIEF, LEAKS 69GB OF DATA

Kurt’s key takeaway

Passwords are no longer enough. That is why I have always believed tech companies should phase them out entirely and require two-factor authentication across the board. Passwords, once the foundation of online identity, are now one of its weakest links. Companies like Google and Meta are already building systems that move beyond them. The tools are available. The message is clear. You do not need to wait for a breach to start taking security seriously.

Do you think tech companies are investing enough in their cybersecurity infrastructure? Let us know by writing to us at Cyberguy.com/Contact. 

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you’d like us to cover

Follow Kurt on his social channels

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com.  All rights reserved.